For information on setting up provisioning in OKTA, see this article:Connect Administration: OKTA Provisioning
What Is Required for a User to Provision?
Users added via Provisioning in OKTA require the following fields to be present in the User's object:
- user.firstName
- user.lastName
- user.email
You must also complete the previous steps outlined in SSO and Directory Service - Start Here!
Users Not Adding into Connect After Being Added to a Group Provisioned in OKTA
Provisioning automatically runs immediately in OKTA. If the user is not coming into Connect you can try to "Provision on demand" in Admin>Applications> Connect Provisioning>Push Groups and click the drop down under "Push Status" column:
If you are seeing this type of error:
please make sure that you have followed Step 1 of this guide and verified your domain first: SSO and Directory Service - Start Here!
Group Removed From Provisioning Not Removing from Connect
When a group is removed from the Push Groups in OKTA, it should immediately remove from Connect. If the group is not removing try using the method above to manually push out the change
What Happens if I Provision More Users than I have Seats in Connect?
You will see an error in Connect under Notifications:
Please free up seats on your subscriptions, or purchase additional seats
User Updates Not Reflected in Connect
Updates to a user's first name, last name, or email address in OKTA will be reflected immediately. If you are not seeing the change sync over to Connect you can try manually running the provision job using the steps mentioned previously above